/*
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      https://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.springframework.security.web.context;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.context.SecurityContext;

/**
 *  将 SecurityContext 存入 HttpSession，或者从 HttpSession 中加载数据并转为 Security
 * Context 对象，这些事情都是由 SecurityContextRepository 接口的实现类完成的。
 *
 * @author Luke Taylor
 * @since 3.0
 *
 * @see SecurityContextPersistenceFilter
 * @see HttpSessionSecurityContextRepository
 * @see SaveContextOnUpdateOrErrorResponseWrapper
 */
public interface SecurityContextRepository {

	/**
	 这个方法用来加载 SecurityContext 对象出来，对于没有登录的用户，
	 这里会返回一个空的 SecurityContext 对象，注意空的 SecurityContext 对象是指 SecurityContext
	 中不存在 Authentication 对象，而不是该方法返回 null。
	 *
	 * @param requestResponseHolder holder for the current request and response for which
	 * the context should be loaded.
	 *
	 * @return The security context which should be used for the current request, never
	 * null.
	 */
	SecurityContext loadContext(HttpRequestResponseHolder requestResponseHolder);

	/**
	 * 该方法用来保存一个 SecurityContext 对象。
	 *
	 * @param context the non-null context which was obtained from the holder.
	 * @param request
	 * @param response
	 */
	void saveContext(SecurityContext context, HttpServletRequest request,
			HttpServletResponse response);

	/**
	 * 该方法可以判断 SecurityContext 对象是否存在。
	 *
	 * @param request the current request
	 * @return true if a context is found for the request, false otherwise
	 */
	boolean containsContext(HttpServletRequest request);
}
